/*
 * ftpp_eo.h
 *
 * Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
 * Copyright (C) 2004-2013 Sourcefire, Inc.
 * Steven A. Sturges <ssturges@sourcefire.com>
 * Daniel J. Roelker <droelker@sourcefire.com>
 * Marc A. Norton <mnorton@sourcefire.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License Version 2 as
 * published by the Free Software Foundation.  You may not use, modify or
 * distribute this program under any other version of the GNU General
 * Public License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 *
 * Description:
 *
 * Contains the data structures, event types, specific events,
 * and function prototypes for the Event Output Module.
 *
 * This file is key to alerting with FTPTelnet.  It contains the header
 * file with all the individual alerts.
 *
 * The Event Output Module provides a mechanism to queue HttpInspect events
 * and prioritize them.  The Event Output Module does not actually log the
 * events, but tracks them per session/packet.  The user program needs to
 * do the actual logging of events.
 *
 * NOTE(review): "HttpInspect" in the paragraph above looks carried over
 * from another preprocessor's header; the structures declared below are
 * the FTP and Telnet event containers.
 *
 * Each event contains the type of event, the priority of the event, and
 * any data that is associated with the event.
 *
 * NOTES:
 * - 20.09.04:  Initial Development.  SAS
 *
 */
/*
 * NOTE(review): the guard name contains double underscores, which C
 * reserves for the implementation.  It is left unchanged here because
 * other translation units may test for it.
 */
#ifndef __FTPP_EO_H__
#define __FTPP_EO_H__

/*
 * FTP_EO_EVENT_NUM and TELNET_EO_EVENT_NUM are used below but are not
 * defined in this file; presumably they come from ftpp_eo_events.h.
 */
#include "ftpp_include.h"
#include "ftpp_eo_events.h"

/*
 * We hold the type of alert, the priority of the alert
 * and any data associated with this alert.
 *
 * This is the static description of one alert; the per-occurrence
 * state is kept in FTPP_EVENT, which points at one of these.
 */
typedef struct s_FTPP_EVENT_INFO
{
    int alert_id;               /* the alert id */
    int alert_sid;              /* the unique sid */
    int classification;         /* classification */
    int priority;               /* the alert priority, 0 = highest */
    char *alert_str;            /* the alert string; not const-qualified, and
                                 * this header does not show who owns the
                                 * storage -- confirm before freeing or
                                 * writing through it */

} FTPP_EVENT_INFO;

/*
 * One recorded event: a pointer to its description plus an occurrence
 * counter and an optional opaque payload with its own release function.
 */
typedef struct s_FTPP_EVENT
{
    FTPP_EVENT_INFO *event_info; /* description of the alert that fired */
    int  count;                  /* number of times event occurred in session */
    void *data;                  /* generic ptr to data */
    void (*free_data)(void *);   /* function to free data */
    /*
     * NOTE(review): the data/free_data pairing is not enforced by the
     * type.  Presumably free_data, when non-NULL, is called on data when
     * the event is released; code that resets or reuses an event slot
     * should clear both together so a stale pointer is never freed
     * twice -- confirm against the implementation.
     */

} FTPP_EVENT;

/*
 * This is a generic structure to translate different event types to
 * the same structure.  This helps when logging the different types
 * of events.
 *
 * The member names and order mirror FTP_EVENTS and TELNET_EVENTS, with
 * the two arrays replaced by pointers.  No capacity is stored here, so
 * code working through this view has to know the bound
 * (FTP_EO_EVENT_NUM or TELNET_EO_EVENT_NUM) from its caller and must
 * check every index against it before touching stack or events.
 */
typedef struct s_FTPP_GEN_EVENTS
{
    int *stack;          /* presumably the stack[] of the wrapped structure */
    int stack_count;     /* number of entries currently on stack */
    FTPP_EVENT *events;  /* presumably the events[] of the wrapped structure */

} FTPP_GEN_EVENTS;

/*
 * The idea behind this event storage structure is that we use a
 * simple stack to tell us which events we have set, so we don't
 * set an event twice and can access the events very easily.
 *
 * NOTE(review): stack_count is a signed int and both arrays hold
 * exactly FTP_EO_EVENT_NUM elements.  Code that records an event must
 * keep 0 <= stack_count < FTP_EO_EVENT_NUM and validate the event
 * index before using it as a subscript; this header enforces neither.
 */
typedef struct s_FTP_EVENTS
{
    int stack[FTP_EO_EVENT_NUM];          /* which events are set; presumably
                                           * indices into events[] -- confirm */
    int stack_count;                      /* entries in use in stack[] */
    FTPP_EVENT events[FTP_EO_EVENT_NUM];  /* one slot per FTP event type */

} FTP_EVENTS;

/*
 * The idea behind this event storage structure is that we use a
 * simple stack to tell us which events we have set, so we don't
 * set an event twice and can access the events very easily.
 *
 * NOTE(review): same bounds requirement as FTP_EVENTS, with
 * TELNET_EO_EVENT_NUM as the limit for stack_count and for any index
 * into events[].
 */
typedef struct s_TELNET_EVENTS
{
    int stack[TELNET_EO_EVENT_NUM];          /* which events are set; presumably
                                              * indices into events[] -- confirm */
    int stack_count;                         /* entries in use in stack[] */
    FTPP_EVENT events[TELNET_EO_EVENT_NUM];  /* one slot per Telnet event type */

} TELNET_EVENTS;
#endif